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BACKGROUND OF THE INVENTION 20007616 .i; 

This invention relates generally to the transfening of data In a secure manner 
using an electronic encoding and decoding system: The invention finds particular 
application to the remote keyless control of entry systems although it is not limited 
to this application which is described hereinafter merely by way of example. 

Electronic encoding and decoding systems are being used to an increasing extent 
In access control and other security systems. 

VVhen applied to Jtft,e^^pening or other door a remote control offens a 

user the convenience of not having to leave a vehicle in order to operate the door 
opener. Remote keyless entry utilised in a vehicle allows the user easy access to 
a vehicle without fitting .a key into a keyhole.' Remote control transmitters offer a 
convenient mechanism to activate and deactivate security systems like alarms and 
can act as mobile panic buttons. 

The capability of an attack on a security system increases as the power and speed 
of commercially available computers advance and as these"devices become 
cheaper. In other words security levels for access control are dynamic by nature 
and must from time to time be adjusted 
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Early digitally based encoders and decoders were designed to transmit a fixed 
code pf say"8 bits. The encoder (transmitter) .would fa^smit the same code. .each-, 
time it was activated. 

This type of system was attacked using a scanning device which includes a 
transmitter stepping through all of the codes sequentially. Since the number of 
possible codes was quite small, it was feasible to step through all the codes in a 
relatively short time. This type of scanning could be achieved by hand, using DIP- 
switchesin.anofF-shelftFahsmittej^^^^ . . .: 

To counter this problem the number of bits (code length) was increased and anti- 
scanning techniques were implemented. For example if a number of invalid codes 
were received in a short time period the system would fi-eeze for a fevy minutes in 
order to make the time required to scan through the code space unacceptably 
long. 

This solution was in turn defeated by code grabbers or recorders. The transmitted 
code was recorded and replayed. Irrespective of code length the receiver 
(decoder) was not able to distinguish between an original message and a 
recording thereof. A typical replay attack is impossible to prevent in a fixed code 
uni-directional system. 
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To overcome the code grabbing technique variable code, roiling code, or jx>de 
hopping, systems were designed. These were all uni-directional systems because , 
bi-directional systems were esqsensive and bulky. Although a number of these 
systems were relatively secure some had practical constraints and generally . 
lacked an acceptable means of handling lost codes, ie. codes transmitted outside 
the range of the related receiver. This inevitably created a "backdoor" that 
resulted in a breach of security. 

Soum (US Patent No. 6107258). Yoshizawa (European Application number 
881 16675.5) and Baiwer et al (US Patent No. 5517187) show systems addressing 
various problems" associated ' with, uni^lireSSohal security encoder/decoder 
systems. However, as has been pointed out, security systems are dynamic and 
new types of attacks have" evolved and shortcomings in such systems have 
surfaced. 

Soum's system has an incrementing counter and each transmission Is based on a 
new counter value. The counter value together with other information is encrypted 
using an irreversible algorithm and secret information. The counter is transmitted 
in clear text together with the encrypted data word. The receiver needs to verity 
that the encrypted value matches the open value. As such a lost code or 
synchronisation does not present a problem. 

In the system taught by Bruwer et al use is made of a counter tinat changes with 
each activation. Using a secret key or identification number the count value is 
encrypted togetiner with other data by means of an aigorltiim that has a related 
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decoding algorithm at the receiver. At the receiver end the encrypted code word is 

> 

decrypted to yield the counter value. By subtracting the previous valid recei>^ 
code word counter value from the latest counter value the number of lost codes 
can be determined. 

In the aforementioned references the number of lost cades can detennine some 
further action but, more importantly, it can be ascertained whether the code 
received is indeed a new code and not a replay of an old code that could have 
been recorded. 

."ni®. s^orementioned systems d(i Jnov\(ever .disp|ay,,the.. following weaknesses 
irrespective of the quality of the encryption algorithm which is used to secure the 
data: 

(a) Off-site recorded repla y attack: in this scenario the transmitter is activated 
out of range from the relevant receiver. The code is then recorded and can 
through a replay be used to activate (open) a garage door opener (GDO) or 
car door etc. This can be done even though the legal key is still with the 
owner and away from the receiver. Hours may'pass since the recording 
was made. Of course, the next fransmission from the authentic key 
received by the decoder will nullify the recorded code. 

This attack can be more dangerous when, after the recording or recordingis 
have been made, the legal key is damaged (not visibly but functionally) and 
therefore cannot nullify the recorded transmission by providing the receiver 
with a more recent code. 
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Unless the user erases that particular, transmission, the attacker carl use 
th^recorded codes or codes for an extended period (months or years)''to 
gain unauthorised access. It is known that the average user seldomly 
perform suchtasks diligently. - ' .- 

The attack does need physical access to the legal key and it can be argued 
that the attack is irrelevant, which is probably true for most situations. 
However, it is still as easy or easier than stealing a mechanical key, having 
a duplicate cut and then repladng the original to avoid suspidon. 

Double rec ofdino:- block an^ r^olav:- . this attack requires a little more skill 

but is certainly possible for most people with electronic knowledge. The 

» *** . 

attack is very relevant to single button GDO-s. When a user activates a 
transmitter to dose a door, the attacker records the transmitted code word 
but at the same time blocks the GDO receiyfir from receiving the particular 
code word. This can be done by selective jamming of the transmission 
words. 

The user would typically attempt another transmission. The attacker again 
records and blocks. When the transmission terminates the attadcer replays 
the first code word captured. The GDO receives this and closes. 

If the user now leaves the attacker will have captured a code word that 
would for the time being (until the legal user returns some hours or days 
later) be capable of activating that particular GDO. 
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(c) Unsecure d command bits- the system proposed by Socim transmits its 

» ■ 

corpmands unsecured. This would make it easy for an attacker to change 
one type of command (set alami) into another (deactivate). Using this 
tedinique. the double recording block and replay attadc can also be used 
on multi-button transmitter systems. 

(d) Fast stepoinQ! wrapping in a short time. This is probably the worst problem 
since very little technology is required for this attack. The attacker steps 
the transmission by activating the transmitter a number of times, say 100, 
and then makes a few recordings of transmissions following. The attacker 

- then activat^Vtiie transmitter LffiUI It wraps'around and stops it at the siame'^ 
count it was before it was originally started. The user is nothing the wiser 
but the attacker will have some future codes to use in an attack that may be 
at any time over tiie next extended period of time. 

Non-security related shortcomings are: 

(a) If a legal key is used for more than one decoder/application, the counter 
can be advanced many times between activation in the least used decoder. 
This can lead to wider window requirements which in turn lowers the 
security level but may be more of a practical operational problem, 

(b) The fact that the counter Is transmitted In the dear as well, eg. as in Soum's 
technique, makes the code word longer. This has transmission energy and 
noise susceptibility implications. 
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As can be seen from the preceding discussion the systems presented by Bruwer 
et al and^Soum, although vastly improved over previous fixed code systems, Still 
have some areas open to improvement This will become imperative as the 
technology available to attackers becomes more" advanced. The incentive for an 
attacker also becomes more attractive as this type of system is used to protect 
more and more valuable property. 

The system presented by Yoshlzawa'is time based witfi a timer repladng the 
incrementing counter used by Soum and Bruwer et al to assure codes tiiat change 
witii every transmission. This approach holds major advantages for security. 
However, the system as presented by Yoshlzawa has serious shortcomings when 
considered for wide ranging Implementation in products like remote keyless entiy 
(RKE) for vehicles, remote controls for gates and garage door openers (GDO's) or 
ottier access control applications witii security requirements. 

Yoshizawa proposes a system in which ti-ahsmltter and receiver timers are started 
at tine same time to synchronise Uie timers. This procedure would be too- 
complicated for a large percentage of users. When more tiian one transmitter 
must operate a single receiver the position becomes much worse. In fact, when 
all transmitters are not present at the same time, tinis approach is impossible (col. 
3 - lines 36-41). This is Impractical for most applications. 

Yoshizawa recognises tfie time difference which will occur due to natural drift 
between the timers but only addresses tiiis problem by increasing the window of 
time for accepting ti-ansmissions and giving a warning when the time difference 
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reaches a certain limit wfiich is less than the limit beyond which the receiver 
cannot bejx)ntrolled. 

In a further embodiment a code setting action is required (col. 5 - lines 16-21). A 
wrist watch with a display and a keyboard (10-key) is shown in an example. In this 
embodiment the receiver can accept direct transmissions to set a number of 
timers. In this case keyboards oh the transmitter and receiver are required. 

The transmitter / receiver time displays also guide the user to adjust the time when 
a discrepancy is noticed. A system like this requires displays, keyboards and user 
intervention, and may be unacce^tiable in a large number of applications due to 

cost, size and user transparency ease-of-use requirements. 

... 

The Yoshizawa system is intended for applications in whidi a few "illegal entries", 
which may be achieved in a relative short period (col. 9 — lines 45-48), are not 
regarded as a problem in the application targeted. However, in general security 
applications such an event would be unacceptable. 

Yoshizawa does not present a solution for the very real •'problem where the 
receiver or transmitter timer loses power (dead battery) and as such loses track of 
time relative to ottier timers in the system. It must be deduced that a complete re- 
learn will have to be performed. This would certainly not be acceptable in the 
general marketplace. 
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SUMMARY OF THE INVENmOtsl . . 

The invention provides a method of securely transferring data from a transmitter to 
a receiver which includes the steps dt 

(a) at the transmitter encrypting data which at least in part is based on timer 
information at the transmitter, to form a transmission word, 

(b) transmitting the transmission word to tiie receiver, 

(c) jat the receiver decrypting the transmission word, and 

(d) comparing the transmitted timer information to timer Information at the 
receiver. / " 

rf' '^.T^ •— , «" .t • -' ' ^ ■».»'♦ .i»;,v--' ... 

' ■■ ' •■ • ' -2^ ' ' '* ' ■■ 

The encrypted data word may include at least one of the following: identity 

information pertaining to the transmitter, command information and utility 

* ' •/ ' 

information. 

The data which is encrypted may be compiled into a data word which Is encrypted 
to form tiie transmission word. 

The method may include the step of keeping the transmitter and receiver in 
synchronism using a cold boot counter which Is changed each time the transmitter 
Is powered up or comes out of reset The count value of the cold boot counter 
may be used to influence a key or algoritfim at the transmitter and the count valufe 
Is not necessarily part of the data word which is encrypted. 
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The count value of the cold boot counter may be transmitted to the receiver in the 

. • • ;' ' * 

dear. ^ 

At least part of a word in which the count value of the cold boot counter is 
embodied may be used to designate a possible optional status. 

As each transmission word (ie. the encoded or encrypted data word) transmitted 
from the transmitter is based on a neviT value from the timer at the transmitter,^ it 
follows that the transmission words may differ from each other even tiiough the 
transmission words result from a single activation of the transmitter encoder. TTiis 
approach may however.not alway$'be4esirable and apcording to a variation . of the , 
invention a new transmission word is formed only with every new activation of. the 
encoder or after an extended, period of fransmission. activation. 

According to a preferred aspect of the invention the encoder at the transmitter has 
a user-derived changeable portion of its key: This portion of the key can be varied 
through inputs to the transmitter encoder made in any appropriate way, for^ 
example through the medium of DIP switches, a button operation procedure or the 
like. Added security is obtained since the user derived irfformation cannot be 
known to the manufacturer. 

According to a preferred aspect of the invention the receiver decoder has a leam 
mode which enables the decoder to leam a new authorised encoder. Upon 
completion of the leam action the decoder is able to recognise transmissions from 
the now-leamed encoder. Since a key needs to be derived from datactransferred 
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from the encoder to the decoder during the learning process, for example the 

> 

serial number, seed, and user-derived key information, tlie method of the Invention 
provides that this information may be stored and that the key may be derived only 
during the process of receiving and interpreting commands. 

Preferably the method of the invention includes the step, during the phase that the 
decoder teams information from a transmitter, of storing the learning information in 
a firstHn-first-out (FIFO) structure. 

During the learning process a relationship is established between the timer value 
of J^e transmitter, and ttje timer y^jye pf tine receiver. The inyention provides that 
tine difference between tine two timer values may be detemilned and stored at the 
receiver, updated when necessary, and tiie difference may be corripared to tiie 
difference resulting with each subsequent transmission and updated when 
necessary. 

In order to keep the timer (or clock) at tiie transmitter (encoder) in synchronism,- 
with the timer (or clock) at the receiver (decoder) tiie Invention provides, according 
to a preferred aspect, tiiat the encoder timer at its slowest vdnance (due to drift or 
any otiier factors) is faster tiian the decoder timer at its fastest variance (due to 
drift or other factors). 

The invention may provide that with each valid reception of a transmitted word tine 
decoder recalibrates tiie relationship between tiie encoder and decoder timers for 
tiie specific encoder (referred to as tiie Tr value). In otiier words tiie^previous Tr 
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value is replaced by the latest Tr value which reflects the exact relationship 

> 

between^e timers of the speofic encoder and the decoder. 

According to a further aspect of the invention' the method provides an auto- 
synchronisation window and a minimum or maximum window. 

The auto-synchronisation window (Wa) sets a time limit boundaiy for drift which is 
not regarded as a problem. This window may be a fixed value but preferably is 
related to operating time of the transmitter and receiver and, consequently, will 
increase with the passage of time. The size of Uie vwndow may be a function of 
®l?P^®^ operati;ng time but^.-nonetiieles may be^capped to an acceptable.* 
period. 

If the encoder timer value lies outside a re-syndironisation window (Wr) ttien the 
method of the invention may inhibit the reception of furttier transmissions from the 
encoder and enforce a re-leam action to reset the encoder/decoder relationship. 
Alternatively the metiiod may allow for at least one of the following steps In tiie 
case where the encoder timer Is fast or the value of the encoder timer lies outside 
tine Wa and Wr windows: 

(a) resynchronise from an "open/safe" state. This is equivalent to adjusting tiie 
combination of a safe access code when it is open; or 

(b) the encoder may be brought into physical contact with the decoder by 
means of an electrical conductor or connector. This step may be required 
before further access can be granted. 
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By using a physical electricaJ connector to transfer signals between the encoder 
and the decoder it is possible to allow the decoder to control activation buttonS-or 
inputs on the encoder to create a quasi bi-directional system. Activations can be 
executed in such a way that the probability of codes, which do not originate from 
the authentic encoder, being presented to the decoder, is very low. 

For example by physically conniecting tiie encoder to tiie decoder it Is possible to 
activate Uie encoder at a precise period and start the timer at ttie encoder. The 
decoder then randomly activates otiier inputs at tiie encoder which influence tiie 
transmission words from the encoder by using command bits in tiie data word. 
The decoder verifies tfiat.the words wgre constiucted at tiie precise time with the 
correct command input information. By ensuring that tiie activation sequence is 
such tiiat ttie encoder timer is used tiie pre-recording of multiple commands can 
be prevented tiius lowering the probability of a successful attack. 

The invention also provides apparatus for te-ansferring data which includes a 
transmitter and a receiver and vyherein tiie ti-ansmitter includes a timer and an 
encryption unit for encrypting data which at . least in part is . based on timer 
information from the transmitter timer thereby to form a transmission word, and 
the receiver includes a receiver timer, a receiver unit for receiving tiie encrypted 
transmission word, a decryption unit for decrypting tiie received transmission word 
to -extract, at least tiie said time inforrhation from ttie ti^nsmitter, and a 
comparator unit for comparing ttie fransmitter timer infomiation to timer 
information from the receiver timer. 

P.1901»^ 



BRIEF DESCRIPTION OF THE DRAWINGS 

The Invention Is further described by. way of examples with reference to the 
accompanying drawings in which: 

Figure 1 is a block diagram representation of an encoder used in a data 

transfening system according to the invention, 

Figure 2 is a memory map of th^ encoder shown in Figure 1 , 

Figure .3 is a block diagram representation of a decoder for use with the encoder 

of Figure 1, 

Figure 4 is a non-volatile memory map of the decoder of Figure 3, 

Figure 4a is a volatile memory m^p- of Jthe decoder of Figure 3, 

Figures 5 and 6 respectively represent data and transmission words originating at 

the transmitter, 

Figure 7 depicts memoiy locations for a learning encoder, 

Figure 8 illustrates a first-in-first-out technique for learning a second encoder. 

Figure 9 (which is presented in two parts marked Figure 9a and 9b respectively) is 

a flow diagram representation illustrating normal operation of the encoder. 

Figure 1 0a is a flow diagram of an encryption process, 

Figure 10b illusti-ates tiie action of an encoding algoritiim. 

Figure 1 1 is a flow diagram of steps during normal operation of a decoder. 

Figure 12 is a flow diagram representation of a learn operation at the decoder, and 

Figure 13 illustrates the setting of used derived information at tiie encoder. 
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DESCRIPTION OF PREFERRED EMBODIMENT . 

Figure 1 is a block diagram representation of an encoder 10 which is used in a 
transmitter for transmitting data, in a secure form, according to the invention, over 
a radio frequency, infrared, or other medium^ 

The encoder can be implemented as an integrated drcuit with its various 
components being part of this circuit or provided as discrete components. 

The encoder 10 has non^volatile memory 12, a control unit or processor 14, an 
interface or input .module 16 which, receives data from input sources 18 such as 
switches or push buttons, an osdilator 20. a timer 22 and a voltage reference 
module 24. *** 

Information pertaining to the identity of the encoder Is stored In tiie non-volatile 
memory 12. 

The timer 22 runs continuously and is connected to the oscillator 20, or to a 
crystal, to give a timing reference. The timer 22 changes at.regular intervals to 
reflect time Irrespective of wheUier tiie encoder Is activated for ti-ansmission. The 
time measure can be In minutes or seconds but may be any regular period. 

The encoder is controlled by a user activating one or more of the inputs 18 and the 
resulting signals are Interfaced to the control module 14 which interprets the Input 
and causes corresponding operation of the encoder. 
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Figure 5 illustrates an example of a data word 28 produced in the encoder, in this 
example Jhe data word includes timer information 30 derived from tfie timer 22, 
command information 32 which is produced by one or more of the inputs 18, a 
serial number 34, or a portion thereof, which relates to tiie identi'ty of the encoder, 
fixed code or user derived information 36, and utility information 38 which pertains 
to operational parameters of the encoder. The timer information 30 is essential to 
produce variance in the data word 28 in order to prevent replay attacks. The 
lengtio-of tiie timer and its resolution reflect a balance between cost, security, and 
practical implementation factors. For example tfie timer may be a 24-bit device 
which increments every 10 seconds. Due to the fact .tiiat tiie timer changes every 
10 seconds a transmission value recorded away from the receiver will soon bes 
invalid because the decoder will be able to determine that the timer value is out of 
date. 

The osdilator 20 in Figure 1 is preferably completely on-chip failing which the 
oscillating range must be restiicted. As such the osdilator cannot be fast 
foPA^arded to achieve tine same effect as in a "fast stepping" attack, or purely to 
make up time that can be used to record away from the receiver and then use the 
"extra" time to go back to the receiver 

One of the major problems of a time based system is that power 40 (see Figure 1), 
whether from a . battery source or otherwise, may be lost. If this happens the 
encoder immediately loses its relative time compared to other encoders and 
decoders which form part of the security system in question. The time may be 
saved into non-volatile memory at regular intervals so that upon re-apjDiication of 

P.190ia/Ies 
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power to the encoder the timer can proceed from where it left off. It will, howeve^ 

•* 

still be out of synchronisation by approximately tiie period that it was wittiout 
power. 

Continuously writing to memory requires "waking up" at regular intervals and over 
several years of usage tiie writing may be extensive. The waking up and writing 
operations consume meaningful quanti'ties of energy which is not desirable in most 
applications. These operations may also limit ttie options on non-volatile memory 
clue to tiie high number of readAAmte cycles and tiius ttie quality of non-volatile 
memory which is required. 

Anotiier option is to save the time witii each transmission. Neitfier of tiiese 

»»» 

possibilities is however witiiout drawbacks from tiie security point of view; The 
invention, as an alternative to tiie aforegoing approaches, makes use of a cold 
boot counter (CBC) 46 as is shown in tiie memory map 48 of Figure 2. The cold 
boot counter value is incremented or changed each time tiie encoder is powered 
up or comes out of reset The cold boot counter can also be changed when the 
timer overflows after an extended period of operation. 

The use of tiie cold boot counter holds several advantages in practi'ce: 

(a) the encoder is generally cheaper. Incrementing the timer in volatile 
memory (RAM) at lower voltages Is less costly than storing a value in non- 
volatile memory (EEPROM) at very low voltages; 

(b) fewer writes to non-volatile memory are required; 

(c) the risk of writing errors is reduced; 

P.19018/IM 
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(d) since the cold boot counter is changed only at the time of powering up or 
reset, time constraints are much relaxed. It may however be desirable from 
a security perspective to increase the time constraints from seconds to 
minutes; and 

(e) the power requirement is reduced. 

It is noted that it is important that the cold boot counter value changes in a 
constant direction (up or down) In order to determine new and old (possible 
replays) transmissions. 

As is shown in Figure 2 the memory map 48 at the encoder includes an 
identification number or key 50, the cold boot counter (CBC) value 46, a serial 
number 52, a configuration word 54, a seed 56 and user-derived key information 
58. The cold boot counter value can be used to influence the key or the algorithm 
at the encoder and does not necessarily form part of the data word 28 to be 
encrypted. It is however proposed that the cold boot counter value is transmitted 
to the receiver/decoder in the clear. This may not happen with every word but can 
for example only occur in an extended transmission, say of at least 15 seconds, or 
for the first hour after a power-up event. The CBC value may also be transmitted 
partially with successive transmission words. 

Figure 6 illustrates a transmission word 70 which includes the cold boot counter 
value 46 (in the clear), command information 72. an encrypted version 74 of the 
data word 28, the serial number 34, a heading 74 and a cylic redundancy count 
(CRC) value 78. This word is transmitted to the decoder at which the word is 

P.1S018/jes 
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decrypted and data extracted therefrom is used, in a manner which is described 
hereinafter. 

According to one aspect of the invention a number of high end. bits of the timer 
value are used for a high speed timer to count down for a short time period, say of 
the order of 10 seconds. This is done immediately following a first transmission in 
a sequence of activations. One bit of the timer is used to designate an optional 
status bit to show what is reflected in the timer 22. This high speed timer allows 
easy access and better time resolution in thie period after a transmission has been 
activated and helps a decoder make time-based activation decisions. For 
example a second transmission activation within three seconds of a first activation 
may be a command to unlock all doors in a vehicle and not only the driver's door. 
The decoder need not even receive the first transmission. 

As the timer 22 runs each transmission word from a single activation of the 
encoder may be based on the new timer value and may as such differ from a 
preceding word. This approach may however not always be desirable and 
according to a variation of the invention a new transmission word may be formed 
with every new activation of the encoder or after an extended period of 
transmission activation, say in excess of 5 seconds. 

Figure 3 is a block diagram representation of a decoder 80. The decoder includes 
a control unit or processor 82, an on-board oscillator 84, a timer 86, a decoding 
and key-generating algorithm 88 which is stored in non-volatile memory, a 
memory module 90, a reset and voltage reference 92. and an output module 94 
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which acts as an interface to output devices 96 eg. LED's or the like. Data 98 may 
be transmitted to the control unit during a normal transmission whereas learning 
input 100 may be instructed to the control unit to enter a learning mode. 
Preferably the oscillator is controlled by a crystal 102. 

Figure 4 is a decoder memory map 104 of information held in the non-volatile 
memory 90. The map includes a generation key 106 and a plurality of sets of data 
108(1), 108(2) ... etc. resulting from successive transmissions from respective 
transmitters/encoders. Each transmission includes the respective cold boot 
counter value, the seed and serial number, the user identification number and the 
configuration word referred to in connection with Figure 2. The decoder, in volatile 
memory, Figure 4(a), may also include information about the relationship of each 
encoder timer with the decoder timer (Tr). 

LEARNING 

The decoder 80 has a learn mode in which it can "learn" a new authorised 
encoder. Upon completion of the learn action the decoder is able to recognise 
transmissions from the now learned encoder. The learning process is, in general 
terms, known in the art. However it is proposed that each encoder has a user- 
derived changeable portion of its key (58, see Figure 2) which is a portion of the 
key that can be changed or influenced by the user and which is not known to the 
manufacturer. This has a number of security benefits. The user-derived key 
information can be determined through inputs 18 to the encoder eg. DIP switches . 
or through a button operation procedure. An example is the time period between 
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a first power-up action and tlie instance at wiiich a button Is pressed. The jjser- 
derived ipformation 36 may also be Inserted into the data word 28 and bbth 
methods will cause a change in the transmission word (70) values and sequence. 

Since a key needs to be derived from data transferred from the encoder to the 
decoder during the learning process (for example the serial number, seed and the 
user-derived key information) it falls within the scope of the invention to store this 
information and to derive the key only during the process of receiving and 
interpreting commands. This does have the drawback of needing extra 
processing at the time of receiving a command but., saves costs as non-volatile 
- memory to store' 'the keys is riot 'required. learning Information from ^a - 

transmitter, during the learn mode, this information Is stored in a first-in-first-out 
(FIFO) stack structure. 

As can be seen from Figures 7 and 8 each new encoder is learned into the same 
position. Prior thereto all other positions have been programmed into the next 
memory location, ovenA/riting the information that was there before. Clearly the 
previous value that was in position "n" (Figure 8) will be lost - hence the FIFO 
designation. 

During the learning process a relationship (Tr) is established between the timer 
value of the encoder (Te) and the timer value of the decoder (Td). 

For example if at tiie time of learning Te = 120 and Td =1243 the difrerence Tr 
between the two values, which is 1123, can be stored. If it Is accepted tiiat the 
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decoder and encxider timers are perfectly in synchronism then at the time of the 
next transmission when Td = 1574 the received Te value must corresjDond to 1^74 
- 1 123 = 451 . It is important that the Tr value is stored for each learned encoder. 

SYNCHRONISATION 

As the encoder and decoder timers (22 and 86 respectively) will inevitably exhibit 
drift between them in ail but the most expensive systems it is important to 
accommodate such drift without undue sacrifices to security and with as little 
requirement for user intervention as possible. This also holds true for the handling 
of.a powerfailureatthe^ncoderprdeoxler.^^^^^^^^^^^v^^ : .- 

According to a prefenred aspect of the invention the timers 22 and 86 are . designed 
so that the encoder timer is always faster tiian the decoder timer. The design is 
such that even with tiie encoder timer at its slo>yest variance and the decoder 
timer at its fastest variance the encoder timer is tiie fester of the two. 

With each valid reception the decoder recalibrates the Tr value, for the spedfic 
encoder and the previous Tr value is replaced with the new Tr value which reflects 
the exact and latest relationship between tiie encoder and decoder timers (22 and 
86). As such even if there is drift of (say) 1 minute per day and a 5 minute window 
is allowed for a valid transmission, a system which is used on a regular basis does 
not drift too far because with each use the pre^nous drift is calibrated out For 
example, a system in a car which is used twice a day (evenly spaced) will, based 
on the preceding assumptions, always be within about 0,5 minutes accuracy. 



Due to security considerations a reception under conditions in which Te is further 
advancect with reference to Td, is less of a problem than a slow Te. The lafter 
may be an attempted replay or a transmission recorded out of range finom the 
-decoder and then taken.to^the ^iecoder (hence the timer Ioss)-and replayed. - - 

Production offsets (ie. drift between the timers whic^ is constant and which does 
not change over time) can also be calibrated out with a coefficient For example 
when -an alarm system is installed in .a controlled environment (regulated 
temperature and voltage), two transmissions with a reasonable time period 
between tiiem (of tiie order of several minutes) can be used to trim out such 
manufactufing offsets. If it is known that under controlled voltage and temperature 

conditions tiie normal drift is 1%, but it is found by measuring the drift between two 

.-.> »* . 

successive ti-ansmissions tiiat the drift is in fact 2%, then the difference can in 
future always be multiplied by a factor (101/102). If tiie drift on ttie otiier hand is 
-1 % tiien a factor (1 01/99) is used to adjust tiie drift; 

The invention allows two types of fonvard windows to be accommodated, namely 
an auto-synchronisati'on window Wa and a re-synchronisation window Wr. 

The auto-synchronisation window sets a time limit boundary for drift (Te greater 
than Td) which is not regarded as a problem. Security requirements dictate this 
value should be as small as possible but, from a practical point of View, this should 
not enforce additional actions on a user to such an extent that the system 
becomes cumbersome or user-unacceptable. The auto-synchronisation window 
could be a fixed value but in a preferred embodiment is represented by' a factor of, 
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say. 3% of usage time. In the latter case the window grows larger diver time but is 

■ ■ ■* . 

a more gpcurate representation of tiie drift between the counters. In the prior ;art 
which is embodied in Bruwer et al and Soum the counters represented a number 
of activations vvhidi are unrelated In time. In the -present Invention however-the 
auto-synchronisation window is not related to the number of activations and Is 
purely a ftjnction of the relative drift between the timers over the time elapsed 
since a previous valid reception. This is the case since Tr was last calibirated at 
the minimum or at the time of the previous valid reception. Note that in Yoshizawa 
the window has to cover time elapsed since the encoder was first connected with 
the decoder. This is quite a sever-e impediment 



The Wa type of window which can b^ accommodated by the system can have a 
minirnum and/or maximum value. This window can be specified even though a 
factor of the elapsed time is used for the determination of the window size. Tliis 
has the advantage that In a system which is used on a regular basis the Wa 
window Is quite small but even If tiie system is not used for a long time, say in 
excess of a year, the size of the window Wa is kept to an acceptable period of, 
say, 10 minutes. 

For example for a 0,1% Wa factor and 5 second minimum and 10 minute 

maximum caps tiie following occur. 

Time since previous valid code Wa size 

10 minutes 6 seconds 

5 hours (600 min) 36 seconds 

5 days 7,2 minutes 
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10 days lOminutjSS • ^ 

1 year ^ 10 minutes '** 

Should the Te value be fastfr.sQ:that ft falls beyond VVa in teims ft fe 

desirable to perform further security checks, A further window called a re- 
synchronlsation window (Wr) can be used and this window will require some 
further security checks that may not be too stringent 

One such security check requires a further transmission in order to verify tiiat the 
timing information correlates with the expected value with reference to that of the 
previous transmission which feltoutside Wa but inside Wr^^ In some applications 
this check would suffice and, if the encoder timing information passes this test, tiie 
decoder accepts the command and also re-synchronises .the Tr -value to remove 
the drift which has occurred. 

If \he Te value is beyond Wr the decoder does not accept transmissions from that 
encoder and enforces a re-leam or other action as is described hereinafter, which 
totally resets the encoder/decoder relationship. 

With a Te value which is slow with reference to the Td value the security 
constraints required are much tighter. With correct design there is no reason why 
tiie Te value should fail behind the expected value, it must be recognised 
however that any increment beyond the value previously received, even if slower 
witii respect to the expected value, still yields better security than "activation 
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count* based systems such as those described in the Bmwer et al and Spurn. 
Yoshizawa on the other hand treats slow and fast windows In the same way. 

. Pepending on.the securi yarious options can be designed jntp the 

system to "double check" the authentidty of the encoder. For example, if the Te 
value is 30 seconds fast then the decoder can check for a new value 30 seconds 
later. A valid new code would mean that the encoder is present and therefore 
authentic. 

However with a sound design and a guarantee that Te Is faster than Td, rather 
than slower, the reception of a sfovy raises serious security concerns. . .. 

It is possible to re-synchrohise an encoder with a slow Te, or a Te falling outside 
the Wa and Wr windows, in one of three different ways: 

(A) Re^svnchronise from an "ooen/safe" state. 

This is equivalent to adjusting the combination of a safe access code when it is 
open. As such another legal or approved mechanism must be used to put the 
system in an "open" state. This can be another encoder, a mechanical key, an 
electronic token or the like. Once in an "open" mode the Tr value can 
automatically adjust 
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(B) Physical contact between the encoder and decoder can be established bv 
means of an electric connector. . 

This can be a requirement before further access is granted. Physical contact may 
be eistabiished through an electrical connector situated on the outside of a security 
perimeter which is protected by an access control system linked to the 
encoder/decoder. 

For example if the system controls a garage door opener, the electrical connector 
can be in a house or an outer side of the house. On the other hand if the security 
system is used Iri .connection with a vehicle, the connector may be on an outer 
side of the vehicle or some place which is accessible only with a mechanical key, 
eg. inside the trunk or boot of the vehicle. 

By using a physical electrical connector to transfer electrical signals the decoder 
can control activation buttons to create a quasi" bi-directional system. Electrical 
contacts to the activation inputs of the encoder allow tine activations to be 
executed in such a way that the probability of codes, which do not originate from 
the authentic encoder, being presented to thei decoder is very low. This probability 
can be statistically conti-olled by suitable design. In ottier words by making the 
communication via the electilcal contacts more complex or expanded, the 
probability of a successful attack can be lowered. 

In a preferred embodiment the high speed ti'mer and repeat (activation) counter 
play a major role. Upon insertion in the connector the decoder activates the 
encoder. This first transmission starts tiie high speed timer and the decoder then 
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randomly activates other buttons which influence the transmission vrards from the 
encoder jrta the command bits In the data word. The decoder verifies that'tiie 
words have been constructed at the predse time with the correct command button 
infomriatlon.. By mgking.sure. the a sjKjuence i& such that the tifgh speed 

timer is used or that the normal timer would show, the pre-recprding of multiple 
commands can be prevented, thereby lowering the probability of a successful 
attack. 

In another embodiment the sequence can also be checked via the repeat 
activation counter which counts the number of activations in a defined period after 
a first activation./ Again; this can preyent the pre-recording of multiple activations 
in order to have a replay response available to the decoder activations. 

The same mechanism can be used via feed back to a user but will probably not be 
acceptable for the average user. An example is. a display panel indicating the 
sequence of buttons that must be pressed* 

(C) Bi-directional communication. 

Full bi-directional communications may be used. If however bi-directional 
communication facilities are available then these facilities should be considered for 
more extensive use as they can enhance security when implemented correctiy. A 
situation can however be foreseen In which communication In one direction will be 
of limited range. For example, the encoder to decoder medium may be RF whilst 
the decoder communicates with the encoder via optical, transponder or hard 
wiring means due to cost or other considerations. 
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In an example of an application using the prindples- of the invention an IR LED 
may be jjsed to provide the communication medium from the decoder to the 
encoder. The encoder is part of a RF key fob. The encoders monitors an optical 
receiver CPIN diode): after it. lias been activated and has transmitted^^a 
If the decoder receives a code from the encoder with an unacceptable Te. it 
communicates back to the encoder via the optical medium. If tine key fob is held 
with the optical path, (because the user notices that the decoder does not read), it 
will receive the decoder data and tiie encoder/decoder can proceed with a bi- 
directional verification process. 

It must be rhentibned Ihat a physical, connector csan also solve tiie problem of a 
dead encoder battery by providing power, whereas the optical system cannot 

If the autiienticity of the encoder is established via any of tfiese methods, Uie Tr 
value is automatically adjusted to re-synchronise Te and Td by removing any drift 
that may have caused the problem. 

ENCODER OPERATION 

An example of an encoder operational life cyde is described witii reference to 
Figure 9. 

Upon a power-up sequence or when a reset occurs (210) a number of functions 
take place to reset the integrated circuit which embodies the encoder. In essence 
the integrated circuit is put into a well-defined state to ensure that its function is 
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predetermined upon coming out of reset For example memories are cleared, and 
pointers ^nd program counters are set to defined positions. . 



r 



The encoder no>^ increments (21 (CBC) value,^^ Jt Js 




important that redundancy or error correction is used in this step to prevent the 
CBC value from being erased or scrambled due to writing errors or the like.. As 
such checks should also be done to verify that tiie voltage supplied to the circuit is 
suffident to ensure successful writing into the non-volatile memory. 

Once the CBC value has been incremented the encoder moves into the cycle in 
,:,which It will spend most of Its llfe^! it tiie timer Is to be Incremented (216)/ and tiiis 
takes place at regular intervals of, say, 10 seconds, then the timer count is 
advanced (218). A further check (220) is done to verify that tiie timer has not 
reached its limit and is about to overflow. This however is a rare occurrence. 

The inputs 18 (see Figure 1) are monitored (222) to check if tiie encoder has been 
activated. If no inputs are active the cycle repeats itself endlessly. 

Upon detecting active inputs, the inputs are debounced and read (224). If the 
inputs are valid (226) the timer value is read and the data word is constructed 
(228). It has been explained in connection with Figure 5 that the data word consist 
of several elements which are put togetfier to prepare the encrypted data word 74 
(see Rgure 6). 

If the inputs are not valid (229) then the earlier cycle steps are repeated. 
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After reading the timer the controller ched<s if the high speed timer (HST) js 
already mnning or if this transmission is actually the first transmission which has *- 
taken place after a period of inactivity (230). If tfie HST is not running it is started 
and tiie flag for the HST is set so tiiat it is recognised tiiat the HST is active (232). 
The subsequent transmissions will include the high speed timer count as part of 
the data word. 

The resulting data word is encrypted (234) and the result is used in tiie 
construction of tine transmission word 70 (see Figure 6) in a step 236 (see Rgure 
9b). Before the f ansmission word is ti^nsmitted over tiie medium in question (RF, 
IR or other) tile inputs 18^ are checked, to verify tiiat the same command is sti'll 
active (238). If not tiie to^smlssion is bandoned and tiie conti-oller 14 returns to 
its waiting cycle (216, 222). /. 

If tiie command is still active tiie encoder starts, to output tiie data of tiie 
transmission word so that it can be U-ansmitted (240). Typically tiie encoder is 
responsible for tiie data rates. Altiiough not shown ttie encoder can continuously 
check for a new input demanding that a new word should be formed immediately. 
Under such circurnstances the ti-ansmission can Immediately be terminated in 
order to start preparing and transmitting the new transmission word. 

/ 

The controller can exchange some of tiie CBC bits tiiat fonm part of tiie 
transmission word (242). For example if the CBC is 16 bits and only two bits at a 
time are being added to a ti^nsmission word tfien 8 consecutive words would be 
required to reconstruct the CBC counter at tiie receiver/decoder. This does not 
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affect the security of . the transmission but it does provide a convenient way of 
reducing the length of the transmission word. 

Thereafter the controller can return the operation (244) to the phase prior to the 
step 238, If however the system is designed to start output of the HST after a 
certain elapsed time (say 5 seconds) it proceeds to a step 246 at which the HST 
count is read. A check is then performed to see if the command currently active 
has been active for at least 5 seconds (248). If a transmission word has not been 
previously constructed (250) then a check is done (252) to see if the same input 
18 is still active. A recycle or return to earlier process steps takes place 
depending on the outcome of this test. 

If a transmission word has previously been constructed then the process 
synchronises the addition of a new HST count with the completion of an earlier 
transmission and a new data word is formed (254) and encrypted (256), and a 
new transmission word is constructed (258). The transmitter cycle then continues 
from immediately prior to step 238. At any time the process can be terminated 
when the inputs change or fall away (238 or 252). 

If the inputs change or are repeated within a short period, say from the start of the 
HST, the repeat counter increments with each new activation. Once the HST 
overflows the normal timer is incremented. If the HST works within the same 
interval (say 10 seconds) this should prevent seamless timing. 
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ENCODING . • : 

An encoding example is described with reference to Figures 10a and 10b. At the 

. start of an encryption a^^ (^00) all the Initafisatipn ^^^^ and sofjyyace 

is done. A spedfic key is read from non-volatile memory and the CBC count is 

obtained (302). The key is the key allocated to a specific encoder. If an encoder 

has multiple keys one of these is detennined by means of a particular command. 

The key may be read 8 bits at a time. The data which is to be used in the 

encrypted data word, ie. the data word and the user derived information, is 
« 

obtained (304) and the various elements are fed to ttie algorithm (306) to yield a 
scrambled data word (308) whic& is used in the transmission wor^^^ 

Figure 10b schematically dejpicts an encoding algorithm 310 operating (312) on 
the data word and user derived information, and the key and the CBC count 314, 
to yield the scrambled data word 74. 

It is to be noted that in the decoding process which is carried out at the receiver 
the decoder algorithm performs the reverse operation in that , if the decoding 
algorithm is provided with the correct key and CBC count the decoding algorithm 
transforms the scrambled data word 74 to yield the data word and tiie user derived 
information. 

An example of decoder operation is discussed with reference to Figure 11. 
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Upon reset (350) the decoder, in a step (352), scan its input (98 in Figure 3) for 
data received If a test 354 shows that the data format is incorrect then fiie 
preceding cycle is repeated. Once a complete transmission word of the correct 
fbrmathas teen :rec»iyed the decoder, in a step 356,.does a cydical redundancy., 
check (CRC) to verify that the transmission word was correctly received, and 
checks the serial number and the CBC portion of the transmission word. 
Thereafter in steps 358 and 360 respectively the serial number and the CBC value 
are matched against corresponding values stored in non-volatile memory 90 (see 
Figure 3). 

If the CBC value' is not* matched against the stored value then a period of time 
elapses in which additional data is rec;eived and a new CBC value is constructed 
(step 362). The validation process is then repeated. 

After the validation process has successfully been completed the decoder reads 
the timer data Td (step 364) and then uses the serial number and other 
information stored during a teaming process to calculate a decryption key (366) 
corresponding to tiie encoder that generated the particular ti"ansmission word. 

The decoder uses tiie decryption key togettier with the CBC value to perform a 
decryption process (368) on the scrambled part of the transmission word. It is to 
be noted that some commands may not require any security and in this event the 
decoder may interpret and activate tiie command after the step 360. However, 
since the only advantage would be that the command can be issued some 
milliseconds eariier this is not of particular significance. 
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With the decrypted data word available the decoder performs a ched< to verify a 
match bgtween tfie encoder user derived information and the decoder u'&er 
derived information (370). A non-match forces a return to the scanning of the 
inputfora valid, transmission word (step 352). v .: , ., 

If the match is positive the more complex checking between the encoder and 
decoder timers is performed. In this example a re-leam is assumed if the re- 
synchronisation window Wr is exceeded or Te lags behind ,Td. Firstiy tiie 
automatic synchronisation window is checked (372) and if the check is passed 
tiien the command bits are interpreted and tiie outputs activated (374). The Tr 
value is updated to reiflect tine latest' relationship between the encoder and 
decoder timers (376) and tiiereafler process is repeated. 

If the step 372 shows that the difference between the encoder and decoder timers 
displays a Tr value falling outside tiie auto-synchronisation window Wa then the 
value is checked against the less rigid re-synchronisation window Wr (step 378). 
if Tr also falls outside of Wr then the received b'ansmissibn word is abandoned as 
being invalid and tiie decoder returns to tiie scanning input step 352. 

If tiie timing difference Tr falls witiiin Wr then the decoder prepares to receive 
anoUier ti-ansmission word within a short time,(say 10 or 20 seconds) and it Uien 
can use tiie HST data to confirm a second ti-ansmission 380 and verify the timing 
relationship (382). Because the time interval in question is particulaily short no 
significant drift can occur. A check is done against Wa but, if necessary, a tighter 
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chedc can be effected, if the test fails the decoder cancels the re-syhchronfsab'on 

. ■ ■ . • ** 

process ^84) and returns to step 352. **• . 

If. the timer* test (382) is successful the Tr value is adjusted (386) and the 
commands are interpreted and activated (390) whereafter the process returns to 
the stage 352. 

The preceding example does not cover the handling of the HST. repeat data, 
battery level indication, shift levels nor a situation in which the decoder loses or 
has lost power and therefore has lost timer information. 

Usually the decoder is more expensive and complex than the encoder. A single 
decoder Is also typically required to work with multiple encoders. Power 
consumption is normally less constrained at the decoder, compared to the 
encoder. Due to these factors it is desirable to havd the decoder timer include the 
HST portion permanently. This may prove handy for comparisons at re- 
synchronisation actions or when second or third instructions are received within a 
short space of time. It is also important for handling a quasi-bidirectional 
synchronisation or authentication process as discussed earlier. 

The shift levels, battery level indications ,and repeat values all comprise 
information which may influence the outputs generated by the decoder. 

If the decoder should lose power then it would pass through the reset state (350) 
when power is restored. At tills point a choice is made from a number of options. 
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For example the time of every valid reception can be stored in non-volatile 
m.emory each time a valid word is received and successfully decoded. A flag dan 
now be set to relax Wa and Wr for all encoders which have already been leamt, 
for one auto re-synchronisation action. A.che<* is carried put tliat the encoder 
timer has increased beyond what was stored at the reception of the previous valid 
transmission word from the corresponding encoder. 

Another option is to enforce the change of the CBC value at the encoder or the re- 
synchronisation of the decoder Tr values by operating a transmitter while in the 
open state. 

In another venation the decoder can use a timer value fi'om the next valid and 
previously leamt encoder activating it after the reset, to readjust its main timer. All 
Tr values (for otiier leamt encoders) would automatically come into play again. 
This can be done with some provision for error by- adjusting the decoder for only 
99% of the perceived lost time as can be derived from this single encoder timer. 
This is because it is far more difficult to handle encoders witii timers lagging tiie 
decoder timer tiian for encoders with timers which lead the decoder timer. 

DECODER: LEARN MQDF 

The decoder leam operation is discussed with reference to Figure 12. The 
decoder must be instructed to switch from normal operation to teaming mode and 
typically this is done using an input switch 100 (see Figure 3). Once the activation 
of the input switch is detected (400), tiie switch is debounced (402) to confirm that 
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the input is activated. The input for the leanri mode can operate on ah interrupt 
basis or 4^ can be tested from time to time in the program fIo>v during nonfial 
operation of the decoder. 



Once the learn mode has been confirmed (404) the decoder must receive 
sufndent transmission words to construct the CBC value that may not necessarily 
be completely included In every transmission word (406). If this process fails due 
to transmission terminating before the complete CBC value has been received or 
due to the incorrect reception of code words, the learning process is abandoned 
(408) and the process returns to step 402 to verify that the learning mode is still 
selected. The decodertfmer is aisb read for reference. 

If sufficient information is received to construct the CBC value (410) then the 
control unit 82 (see Figure 3) constructs the cold boot counter value and reads the 
timer data Td fi-om the timer 86 (step 412). The control unit then calculates (step 
414) the decryption key using the serial number, the CBC count and other 
information transferred via the transmission values. This key is used in tiie 
decryption process (414) to obtain the data, word including tine user derived 
information, commands and encoded timer information. 

In a step 416 tiie data is checked to see if it conforms to requirements. A further 
transmission a short time later may be required to verify the timer movement. 
Once accepted as a valid learn the relevant information is stored into the decoder 
non-volatile memory 90. This includes the Tr value (the relationship between the 
encoder and decoder timers) and the Te of the last valid received data word. 
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The decoder may indicate (step 418) the status of the learning process on some 
indicator Jo the user, eg. an LED. The completion of the learning process of 'an 
encoder can also be indicated in the sarhe way. 



This aforementioned process can be repeated to enable the learning of several 
encoders. The information from each encoder may be written to memory in a first- 
in. first-out sequence (FIFO) as is shown in Figures 7 and 8. 

In the aforementioned sequence it is not possible to perform selective erasing of 
encoders, it is possible though to erase the oldest encoder by the addition of a 
new encoder, once the" memory for'feamed encoders is full. A further command to 
erase all learn encoders may be impjefnented. 

ENCODER: SETTING "USER DERIVED INFORMATION" 

Figure 13 illustrates process steps in setting user derived information at tiie 
encoder 10. 

When the encoder is powered up (450) a check is performed on internal non- 
volatile memory 12 (see Figure 1) to determine if the user derived information 
("UDI") has already been set If not. the encoder can automatically enter a UDI 
setting mode. In a variation tiie encoder can check if a spedal set of inputs has 
been activated (452) to cause the encoder to enter the UDI setting mode, if not 
tiie encoder proceeds with normal operation (454). 
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if a special inputs are active (456) the encoder activates tiie higli speed timer HST 
in.a step^458). In a particular example fhe period for v/hicli the inputs are acfive 
Is used to determine a value by stopping the HST changing at the time the inputs 
diange (460). The substanjtially rsndom yalue in the HST pan be read and used 
as a UDI value (462) to construct (464) a user defined information word vyrtiich can 
then be stored (466) in the encoder non-volatile memory before proceeding with 
normal operation (454). 



Dated tiiis 1 8* day of December 2000. 
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Fig.l; Encoder Block Diagram 
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Fig. 3: Decoder: Block Diagram 
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Fig. 4: Decoder Memory Map:* fion-volatile memory 
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Fig. 5: Data Word 
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Fig. 9a : Encoder: Normal operation Part I 2/9 

Reset 




jEncrement 
Cold Boot Counter 




Dd)0unce 
Read Inputs 



22^ 




Ye s ?2g 



Read Timer 
Cooscruct Data Word 




2?2 



Start HST 



Encrypt Data Word 



25^ 



* lEgh Speed Timer 




McCALLUM, RADEMEYER & FREIMOND 
PATENT AGENTS 
FOR THE APPLICANT/s 



AZOTEQ(PTY) LTD 

PROVISIONAL PATENT APPLICATION 

iig^bi Encoder:' Normal operation I'art n 

L 



236 



Constxuct Transmission Word 




Transmit 
process active 



SWAP CBC bits ' 



Optional 



For nenr transzmsston 
words after 5 seconds 



No 



Read HST & Repeat 




Construct New Data Word 



Encrypt 



Construct New IXW 



Z5g 



* with every word in a transmission that consists of a string of words, 
the CBC is partially transmitted 




McCALLUM, RADEMEYER & FREIMOND 
PATENT AGENTS 
FOR THE APPLICANT/s 



f 



Get Command 
GetKey&CBC 





3^ 


GetDataWord 
Get User Derived Info 






^» 

Encrypt Data Word 
& User Derived Info 
Using Algorithm + Key + CBC 



F^lOb: 



c 



Done 



Data Word 
User Derived Ta£o 




1* 



Scrambled Data Word 




McCALLUM, RADEMEYER & FREIMOND 
PATENT AGENTS 
FOR THE APPLICANT/s 



20TEQ (PTY) LTD • 

ROVISIONAL PATENT APPLICATION 

. 11: Decoder : Normal Operation 



20007616 



7/9 




Reset 



Ihtaipret Cornmands 



Activate Outputs 




Yes 35^ 



CbrskCRC 
Check ScnaINt? 
Chfick CBC ponion 



Reccivcli^csrB Data . 
.-Make npnetr CBC. 



t 



3^2 



No 




No 



3^ 



3«f 



ReadTd 



3tf6 — f 



Calculate Dec Key 



3«8 



Pctfonn Dccryptioii 




No 



3/2 



Receive a nssx code 
fioxn zLsa acovaxian axzd decrypt 








AcdvateOu 





Cancel Tr* 




McCALLUM, RADEMEYER & FREIMOND 
PATENT AGENTS 
FOR THE APPLICANT/s 



20TEQ (PTY) LTD 

ROVISIONAL PATENT APPLICATION 



Fig. 12: Learn Operation: Decoder 
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